Created by: dependabot[bot]
Bumps tensorflow from 2.5.0 to 2.5.2.
Release notes
Sourced from tensorflow's releases.
TensorFlow 2.5.2
Release 2.5.2
This release introduces several vulnerability fixes:
- Fixes a code injection issue in
saved_model_cli
(CVE-2021-41228)- Fixes a vulnerability due to use of uninitialized value in Tensorflow (CVE-2021-41225)
- Fixes a heap OOB in
FusedBatchNorm
kernels (CVE-2021-41223)- Fixes an arbitrary memory read in
ImmutableConst
(CVE-2021-41227)- Fixes a heap OOB in
SparseBinCount
(CVE-2021-41226)- Fixes a heap OOB in
SparseFillEmptyRows
(CVE-2021-41224)- Fixes a segfault due to negative splits in
SplitV
(CVE-2021-41222)- Fixes segfaults and vulnerabilities caused by accesses to invalid memory during shape inference in
Cudnn*
ops (CVE-2021-41221)- Fixes a null pointer exception when
Exit
node is not preceded byEnter
op (CVE-2021-41217)- Fixes an integer division by 0 in
tf.raw_ops.AllToAll
(CVE-2021-41218)- Fixes an undefined behavior via
nullptr
reference binding in sparse matrix multiplication (CVE-2021-41219)- Fixes a heap buffer overflow in
Transpose
(CVE-2021-41216)- Prevents deadlocks arising from mutually recursive
tf.function
objects (CVE-2021-41213)- Fixes a null pointer exception in
DeserializeSparse
(CVE-2021-41215)- Fixes an undefined behavior arising from reference binding to
nullptr
intf.ragged.cross
(CVE-2021-41214)- Fixes a heap OOB read in
tf.ragged.cross
(CVE-2021-41212)- Fixes a heap OOB read in all
tf.raw_ops.QuantizeAndDequantizeV*
ops (CVE-2021-41205)- Fixes an FPE in
ParallelConcat
(CVE-2021-41207)- Fixes FPE issues in convolutions with zero size filters (CVE-2021-41209)
- Fixes a heap OOB read in
tf.raw_ops.SparseCountSparseOutput
(CVE-2021-41210)- Fixes vulnerabilities caused by incomplete validation in boosted trees code (CVE-2021-41208)
- Fixes vulnerabilities caused by incomplete validation of shapes in multiple TF ops (CVE-2021-41206)
- Fixes a segfault produced while copying constant resource tensor (CVE-2021-41204)
- Fixes a vulnerability caused by unitialized access in
EinsumHelper::ParseEquation
(CVE-2021-41201)- Fixes several vulnerabilities and segfaults caused by missing validation during checkpoint loading (CVE-2021-41203)
- Fixes an overflow producing a crash in
tf.range
(CVE-2021-41202)- Fixes an overflow producing a crash in
tf.image.resize
when size is large (CVE-2021-41199)- Fixes an overflow producing a crash in
tf.tile
when tiling tensor is large (CVE-2021-41198)- Fixes a vulnerability produced due to incomplete validation in
tf.summary.create_file_writer
(CVE-2021-41200)- Fixes multiple crashes due to overflow and
CHECK
-fail in ops with large tensor shapes (CVE-2021-41197)- Fixes a crash in
max_pool3d
when size argument is 0 or negative (CVE-2021-41196)- Fixes a crash in
tf.math.segment_*
operations (CVE-2021-41195)- Updates
curl
to7.78.0
to handle CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, and CVE-2021-22926.TensorFlow 2.5.1
Release 2.5.1
This release introduces several vulnerability fixes:
- Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
- Fixes a floating point exception in
SparseDenseCwiseDiv
(CVE-2021-37636)- Fixes a null pointer dereference in
CompressElement
(CVE-2021-37637)- Fixes a null pointer dereference in
RaggedTensorToTensor
(CVE-2021-37638)- Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
- Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
... (truncated)
Changelog
Sourced from tensorflow's changelog.
Release 2.5.2
This release introduces several vulnerability fixes:
- Fixes a code injection issue in
saved_model_cli
(CVE-2021-41228)- Fixes a vulnerability due to use of uninitialized value in Tensorflow (CVE-2021-41225)
- Fixes a heap OOB in
FusedBatchNorm
kernels (CVE-2021-41223)- Fixes an arbitrary memory read in
ImmutableConst
(CVE-2021-41227)- Fixes a heap OOB in
SparseBinCount
(CVE-2021-41226)- Fixes a heap OOB in
SparseFillEmptyRows
(CVE-2021-41224)- Fixes a segfault due to negative splits in
SplitV
(CVE-2021-41222)- Fixes segfaults and vulnerabilities caused by accesses to invalid memory during shape inference in
Cudnn*
ops (CVE-2021-41221)- Fixes a null pointer exception when
Exit
node is not preceded byEnter
op (CVE-2021-41217)- Fixes an integer division by 0 in
tf.raw_ops.AllToAll
(CVE-2021-41218)- Fixes an undefined behavior via
nullptr
reference binding in sparse matrix multiplication (CVE-2021-41219)- Fixes a heap buffer overflow in
Transpose
(CVE-2021-41216)- Prevents deadlocks arising from mutually recursive
tf.function
objects (CVE-2021-41213)- Fixes a null pointer exception in
DeserializeSparse
(CVE-2021-41215)- Fixes an undefined behavior arising from reference binding to
nullptr
intf.ragged.cross
(CVE-2021-41214)- Fixes a heap OOB read in
tf.ragged.cross
(CVE-2021-41212)- Fixes a heap OOB read in all
tf.raw_ops.QuantizeAndDequantizeV*
ops (CVE-2021-41205)- Fixes an FPE in
ParallelConcat
([CVE-2021-41207] (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41207))- Fixes FPE issues in convolutions with zero size filters (CVE-2021-41209)
- Fixes a heap OOB read in
tf.raw_ops.SparseCountSparseOutput
(CVE-2021-41210)- Fixes vulnerabilities caused by incomplete validation in boosted trees code (CVE-2021-41208)
- Fixes vulnerabilities caused by incomplete validation of shapes in multiple TF ops (CVE-2021-41206)
... (truncated)
Commits
-
957590e
Merge pull request #52873 from tensorflow-jenkins/relnotes-2.5.2-20787 -
2e1d16d
Update RELEASE.md -
2fa6dd9
Merge pull request #52877 from tensorflow-jenkins/version-numbers-2.5.2-192 -
4807489
Merge pull request #52881 from tensorflow/fix-build-1-on-r2.5 -
d398bdf
Disable failing test -
857ad5e
Merge pull request #52878 from tensorflow/fix-build-1-on-r2.5 -
6c2a215
Disable failing test -
f5c57d4
Update version numbers to 2.5.2 -
e51f949
Insert release notes place-fill -
2620d2c
Merge pull request #52863 from tensorflow/fix-build-3-on-r2.5 - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.